hxxp://links[.]ei1[.]email[.]military[.]com/ctt?m=10434088&r=NTIwNjg2Mzk0OTYwS0&b=0&j=MTkwMDEwMDkwNAS2&k=NEWSLETTER&kx=1&kt=12&kd=https%3A%2F%2Fwww[.]military[.]com%2Foff-duty%2Fautos%2Fu-2-chase-car-spy-jets-best-friend[.]html%3FESRC%3Deb_240105[.]nl%26utm_medium%3Demail%26utm_source%3Deb%26utm_campaign%3D20240105

Analysis

max time kernel
160s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2024 17:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://links.ei1.email.military.com/ctt?m=10434088&r=NTIwNjg2Mzk0OTYwS0&b=0&j=MTkwMDEwMDkwNAS2&k=NEWSLETTER&kx=1&kt=12&kd=https%3A%2F%2Fwww.military.com%2Foff-duty%2Fautos%2Fu-2-chase-car-spy-jets-best-friend.html%3FESRC%3Deb_240105.nl%26utm_medium%3Demail%26utm_source%3Deb%26utm_campaign%3D20240105

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 7 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
4320	msedge.exe
4320	msedge.exe
4184	msedge.exe
4184	msedge.exe
1924	identity_helper.exe
1924	identity_helper.exe
392	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4184 wrote to memory of 4500	4184	msedge.exe	90
PID 4184 wrote to memory of 4500	4184	msedge.exe	90
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4468	4184	msedge.exe	93
PID 4184 wrote to memory of 4320	4184	msedge.exe	92
PID 4184 wrote to memory of 4320	4184	msedge.exe	92
PID 4184 wrote to memory of 1256	4184	msedge.exe	94
PID 4184 wrote to memory of 1256	4184	msedge.exe	94
PID 4184 wrote to memory of 1256	4184	msedge.exe	94
PID 4184 wrote to memory of 1256	4184	msedge.exe	94
PID 4184 wrote to memory of 1256	4184	msedge.exe	94
PID 4184 wrote to memory of 1256	4184	msedge.exe	94
PID 4184 wrote to memory of 1256	4184	msedge.exe	94
PID 4184 wrote to memory of 1256	4184	msedge.exe	94
PID 4184 wrote to memory of 1256	4184	msedge.exe	94
PID 4184 wrote to memory of 1256	4184	msedge.exe	94
PID 4184 wrote to memory of 1256	4184	msedge.exe	94
PID 4184 wrote to memory of 1256	4184	msedge.exe	94
PID 4184 wrote to memory of 1256	4184	msedge.exe	94
PID 4184 wrote to memory of 1256	4184	msedge.exe	94
PID 4184 wrote to memory of 1256	4184	msedge.exe	94
PID 4184 wrote to memory of 1256	4184	msedge.exe	94
PID 4184 wrote to memory of 1256	4184	msedge.exe	94
PID 4184 wrote to memory of 1256	4184	msedge.exe	94
PID 4184 wrote to memory of 1256	4184	msedge.exe	94
PID 4184 wrote to memory of 1256	4184	msedge.exe	94

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://links.ei1.email.military.com/ctt?m=10434088&r=NTIwNjg2Mzk0OTYwS0&b=0&j=MTkwMDEwMDkwNAS2&k=NEWSLETTER&kx=1&kt=12&kd=https%3A%2F%2Fwww.military.com%2Foff-duty%2Fautos%2Fu-2-chase-car-spy-jets-best-friend.html%3FESRC%3Deb_240105.nl%26utm_medium%3Demail%26utm_source%3Deb%26utm_campaign%3D20240105
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeccba46f8,0x7ffeccba4708,0x7ffeccba4718
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,14344742179559714388,10478317087682231945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,14344742179559714388,10478317087682231945,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,14344742179559714388,10478317087682231945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,14344742179559714388,10478317087682231945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,14344742179559714388,10478317087682231945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,14344742179559714388,10478317087682231945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,14344742179559714388,10478317087682231945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,14344742179559714388,10478317087682231945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,14344742179559714388,10478317087682231945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,14344742179559714388,10478317087682231945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,14344742179559714388,10478317087682231945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,14344742179559714388,10478317087682231945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2192,14344742179559714388,10478317087682231945,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=1712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,14344742179559714388,10478317087682231945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,14344742179559714388,10478317087682231945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,14344742179559714388,10478317087682231945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,14344742179559714388,10478317087682231945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2192,14344742179559714388,10478317087682231945,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7108 /prefetch:8
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,14344742179559714388,10478317087682231945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,14344742179559714388,10478317087682231945,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,14344742179559714388,10478317087682231945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1
  2⤵
  PID:5776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:780

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x318
1⤵
PID:5560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
64KB

MD5
637beb2095ca1f0b89169bbafebe3ac5

SHA1
6f34a75130f5eeeaef3999032e0b9e23eedc2a9b

SHA256
b92749f59bdb5f76e06d0d6d338262fc18cb3997f81ab9dfecea576846073431

SHA512
3a0d2b9376478b583c07934d9cff0b413d231a50e9d8e7f8780a28c32a15e159688108100ebecac8e2a196f2867ae220c8956843d2826c3f3ecc3804cb4afefd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
103KB

MD5
36c8b9d78cae1236b3c11cd7e928c94c

SHA1
a9a3281fdefbdbadf1e8b06f26f497e6fe630e9c

SHA256
d23638ae056739f2a120fbf6502540c9430a8794c7685998d8510fb64c1532da

SHA512
9af6b95e646c797a4e44eca43ec356e40cb0d7bf5a9423e1efd728db28940892437f9c1f80b5c1d9957a549ee91026abd9a500dfc420d8c432c8dc5becf7c294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
7523e9717a032b64c365457e2bfc6c82

SHA1
95aad4e3de678434a8ae5ee5531fb125189517c3

SHA256
b05e856c7a3b67a8fc47060a2362500a89f62843f99d3c91ba09a914e8448460

SHA512
1ee84d24f673c0fc2a380fbd6e1d0ea65ab056030620427390ac90378d43657feb2a4c01b937084e52930755f01263057de574244e0df51859c9d3c3d7ca2f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
846B

MD5
1ed53d943d2e3ccce9c2b0e15adef87a

SHA1
bbf2333516375b3472d27d412e77793b58b210bc

SHA256
f0c5fb6aceee357a3673ccc98bda3af891ce8ec1311d74a0300b258b3e64d07f

SHA512
5b0ceb38f566b1b3332c55c4a64dca60a690ec88b5a17331fed608335f22f62949266484821374664f9a535d67903d13a1e8bed768376b43fdf3742e071285a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
846B

MD5
22db7a406ca78f420ca19326850aec06

SHA1
dd175ae0a66c6f3793231c65446e97d4288bfa1c

SHA256
562b48e052db5c98f912354b011cc45c5b7ed9fd95b5a9a82b9974fdcf08da77

SHA512
824e5fe2f9e6bda036c9e7a183a2d782091a7427159d46423d8882f01400f1869f6302fb38239a7f5b9c6baa82fb141647708c62a6464e9432b0f79c11133e3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d8cb6dccdcecfdf37f16c6cfd890986c

SHA1
227022f251c10aef43a0c895fd303f10bab6886b

SHA256
af3c3a3c819b517b0ff8edec865501463d94699827ccc8c10d2e5d28f326658d

SHA512
9c24adce3abfb50ff48582f554214c87615a9246c321f5e69c8bff178796ce35d28b7ba0b9ba6ae02d8eb1b9e085a4e27c0b6b8e3ff6b462cb2c70e2978727d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
91c05de3837b9fac34a1a9d7c425f97e

SHA1
887e1971977795ada66c50287bbeaf716af3cf02

SHA256
99e1544a8e6038c5d762ed00bb6bb3a503421ddb3de8af7350d75672900efdaa

SHA512
997a1d3ad716279ef5350e516478d4a0b9ffdf5a3bb28d1b42b106c9491f40686d0a1a70060275386897c428c9a4bdec5d34bd026791fa3c80530f8c1b391bbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0559c7343b7dd8e3a32d57133e83a2d1

SHA1
de1d9179b282de129be3b6fa6433cbf0d5a7c91f

SHA256
3220ef262dd7db6a0055be516c97d36ba48ed64cc5d27329d13afeb3b663a6f7

SHA512
67366582408781ca6d6741b459c8a7ddc5d7e70a8b48a9f70cc46b494cd6861d9915e92473f58d8a39e4febf71222a25982de8caaf8927a708a4857faebb895c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c4603d7255e9c374b2755c51d9b9749b

SHA1
c2a77cf8b051b7146c47d6c1e7869337c3cea5a2

SHA256
6e191e95aeecaf707b91c4a2969b5ecad852509bf29943201550f7195f2ec25b

SHA512
d188882beb63de68916509d47f1f5a3b24709ef806b5c11407ba6bcd0607574979ef257b025efcc14f3da123da9e907ad6b2f7113d23022298bb6098e5199f5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b0fff2010408a0ec75b94f280b9c072e

SHA1
4f9652f3caaf69acef574e4deeec25ce22413f81

SHA256
853ed647190db7245b623470f7926d28e4520725194a0f218ee81bc87f662dcb

SHA512
f24e7a2ee0118555fab67a4dd2878b434d3284abfb46709ab7475270c0c68515d413267a7627d2e807484104e0edcb9a74847683178fd12a54fe2693aa29be14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1cd86157bc5f87bb09639660d8682395

SHA1
d838035b6f9795f71a967126fce56ad7840ffbdb

SHA256
1e5dc75a782d2e62c07d4eabbcf4f10c3330b206e013b38e6bfb4666b52e7c6a

SHA512
e028d9c1a7b1f14a729fa7087af209d30686ce47c107d7b0bba08d754a897f1889558c439d9eb0bde2dfa65b10799cc4290635d02bb1ed4038409983882eeb45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
838d036bbc521a7c59120f6ea3c60e22

SHA1
55f891bcef520f5531534be63b6b94db23ae0f66

SHA256
0b66fdcbb50a56b06c447f5c6c076e596e079fa4ac96f17f53a4c94ed4a0974d

SHA512
ec250ddea965eea008fd76e343872adf5d9b951afffcd64717cb048becd5dfac25ebb0f68bdfecc51cc92413f77d0bb59227491fa31d2a5373b4e953f17f0873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe594b38.TMP

Filesize
204B

MD5
1059857d94fdfa8b9be05bbecb9f290b

SHA1
6a2ef44357656cc1c583fafe187ace6932a9c76e

SHA256
adfc221a9450290b9449b79aa10e5407bfafb48665bb312253e60752785a5bf1

SHA512
42ad337f355eb33c19597986c67e42e498d544451e39326cf85734fd7ff258714ffee83cc3645e992feb859f348c8ddc2c6aa7b7ba359f9f2fa542690c4e569a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b8e5e245-c742-407a-af21-00e10f20d5a6.tmp

Filesize
6KB

MD5
6cd732a22e6ad4dcf8ebc91005b2426c

SHA1
3fc8be8f8b004d123d0c29432e96ab793e885c42

SHA256
cc855668eb007233168a172da2ed12c33936e43c26d4d5768f4d5241be02b09b

SHA512
55fd6aa9d9bb8845bdaf1725d27735084d8a1aa0b41f14cb5009af2ab9e7c2a4110fcdd22ebee194ad42f8f9cee121680d52f20d9539983a7a4ef6575263c30b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
62a3f6c6276156d478ad2c91692089f4

SHA1
ed65aa19dffd1b3acae2d21e0592662b36387c14

SHA256
483306b3a909f4fc93ff6e5ce4aff09352a7f5e21a93bd0580c98440c1a0dce7

SHA512
66ba524c52ed05b3e48360ad6ef42812b7ea025fb35e21c4432127d11265f608fad3998a62e7c6e62fc68c6a29af0beaf8ed036cc2e3e7b44abf323c737c8967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c236689d6013398efd3c96f1e3a4784a

SHA1
2b1f8bcb366224271d76765cc0c16415340784fd

SHA256
6ee7cd272076b57e7c87175251f51ede1de35642375dc0a0b942fe31b8bae984

SHA512
aee8ab7cb2e069ce38c0e24289045351930a2dd635efc9351fb750c23bd3c6d5c1beca177e5dd179ee32e8ea9b9f5f777263cc58165e775d4730a0ffb88d57c1

Download Submit